Tech Giants To US: Stop Spying

Apple, AOL, Facebook, Google, LinkedIn, Microsoft, Twitter, and Yahoo have asked the US government to limit its data gathering.

Eight technology companies have banded together to ask the US government to reform its surveillance policies and practices.

Apple, AOL, Facebook, Google, LinkedIn, Microsoft, Twitter, and Yahoo on Monday published an open letter to President Obama and members of Congress in which they state that recent revelations about the scope of NSA surveillance highlight "the urgent need to reform government surveillance practices worldwide."

The revelations in question, published over the summer in The Guardian and The Washington Post, were made possible by documents leaked by former NSA contractor Edward Snowden, who is living in Russia for fear of arrest by US authorities.

"The security of users' data is critical, which is why we've invested so much in encryption and fight for transparency around government requests for information," said Google CEO Larry Page in a statement. "This is undermined by the apparent wholesale collection of data, in secret and without independent oversight, by many governments around the world. It's time for reform and we urge the US government to lead the way."

The companies want governments to: set self-imposed limits on their data collection; seek data through intelligence agencies under a clear legal framework; be transparent about government information demands; not require service providers to use in-country infrastructure; and cooperate with one another when seeking data across jurisdictions.

Although the documents provided by Snowden reveal the scope of NSA data collection, this isn't just about the reach of US intelligence agencies. As Forrester analyst James Staten wrote in August, "It's naive and dangerous to think that the NSA's actions are unique. Nearly every developed nation on the planet has a similar intelligence arm which isn't as forthcoming about its procedures for requesting and gaining access to service provider (and ultimately corporate) data."

For several of these companies, this letter adds weight to their ongoing litigation against the US government for permission to disclose the number of national security-related data disclosure orders they receive, which they cannot reveal under current law.

The Obama administration is currently reviewing US surveillance policy, following the initial outcry over the revelations and the subsequent finding that the US eavesdropped on foreign government leaders, friend and foe alike. The non-classified findings of the review are expected to be published in mid-December.

Each of the signatory companies stores data for customers. Much like banks, they depend on customer trust to remain stewards of customer data.

"People won't use technology they don't trust," said Microsoft general counsel and executive VP Brad Smith in a blog post. "Governments have put this trust at risk, and governments need to help restore it."

When the government has access to that data without legal process -- through bulk collection, for example -- and without the knowledge of the company storing the data, corporate assurances of data safety become less credible and customer trust erodes.

That erosion has an estimated cost: The Information Technology & Innovation Foundation (ITIF) has estimated that the US cloud computing industry could lose as much as $35 billion by 2016 from companies that balk at the prospect of unfettered US access to data service providers.

Forrester's Staten argues that the ITIF figure is too low. He said the US cloud computing industry stands to lose as much as $180 billion, or 25% of overall IT service provider revenues, by 2016.

The use of cloud technology is booming, often offering the only way to meet customers', employees', and partners' rapidly rising requirements. But IT pros are rightly nervous about a lack of visibility into the security of data in the cloud. This Dark Reading report, Integrating Vulnerability Management Into The Application Development Process, puts the risk in context and offers recommendations for products and practices that can increase insight -- and enterprise security. (Free registration required.)

As long as the tech giants just dish out the data for any petty reason or even make money with it (yes, that means you AT&T) all this is just empty talk. The tech giants have the resources to say No and take the federal agencies to court for each and every single request until either there is a clear court ruling by a real court (not this FISA court crap) or Congress finally gets something done and passes laws that ideally restrict and defund the NSA and the dozen other three letter agencies that sniff around in stuff that is none of their business.

If letters to Washington would accomplish anything the postal service would not run a deficit....

All of your points are excellent and perfectly logical. I feel that the tech giants are literally working for the customers in this instance. I could be wrong, but my view of a consumer is that a consumer and producer is the same thing and can only be distinguishable if time is narrowed down to a small period. Much like savings and investments are the same thing in the long run.

If the US government does not have a framework to protect the intellectual property of customers/producers then foreign governmentswill also not protect intellectual property of customers/producers, and developing countries have more to lose by not respecting intellectual property because it would promote corruption. Tech giants can implement something like i2p or something that is massively more complicated to crack but doing so would mean less people have incentives and the capability to become customers/producers of ecommerce.

@ACM, this was part of my point. We've had reports of the NSA spying on us for years but it's not until someone walks away with some data and it becomes a high profile story that the tech giants seem to care. There have long been people complaining about Google reading your mail in order to serve targeted ads, why is Google up in arms now? I feel like the tech companies are trying to distance themselves from they spying but they are doing their own brand of spying at the same time and have been allowing the government to do so for years. I don't see anyone closing their Dropbox, Gmail and Facebook accounts over the Snowden leaks so why has this become such a big deal for the tech giants?

I agree that users are going to keep using these services, regardless. The UI and features/functionality is immediate, while privacy or domestic/foreign intelligence eavesdropping likely seems rather abstract.

What I find interesting about the open letter is that none of the signatories are yet encrypting their communications/data, end to end. At the same time, they're making a political call on the U.S. government not to eavesdrop on those communications.

But what's to stop anyone else -- namely, foreign governments with intelligence agencies that, unlike in the United States, feed intel to their domestic businesses to give them a competitive edge -- from intercepting those communications?

As Tom said, if you build a strong cloud service, this problem goes away. And there are several steps these businesses could be making, which would help make the need for open letters unnecessary.

Yes and whether $35 billion or $180 billion turns out to be the actual short term lose that the US cloud computing industry will suffer, I wonder how much it will cost the cloud industry in the long run. Canada has become the first country to have a free trade agreement with both EU and US (NAFTA), firms like Mitel and Asatra are merging to increase their productivity, and ICT in general requires rules that safeguard customer's information that is acceptable across borders.

First the government shutdown setback talks between the US and EU, and NSA is just causing more problems, if things continue similarly and US citizens do not take an active interest in this issue then next US jobs from the Cloud industry will be lost to global firms that are more efficient.

I think the tech companies are overstating the issue of customer trust. No one is going to stop using Gmail because of the NSA. The real issue is the danger to our civil liberties. I'm glad the tech giants are using their clout to try and get some reforms in place, but it's unlikely any of them are going to suffer from a drop in users because of NSA surveillance.

Once someone develops a cloud service that cannot be intercepted and decrypted, the issue will be resolved. But it remains to be seen whether that's technically doable and whether any government would allow a truly impenetrable service provider. If software weren't so full of holes by accident, the authorities would probably require the addition of holes...

I agree that the issue has mostly blown over, but with the US pushing its TPP agreement along, it's asking for another SOPA/PIPA style protest in a lot of countries that could easily bring the issue back to the fore.

SaneIT, fair point. I sense most people are generally indifferent to the Snowden revelations -- and that people have come to accept that the information about our lives is an open book - a tradeoff we make for the conveniences of technology.

It's interesting that the NSA revelations have got the Big Tech companies up in arms, but those companies are in many ways, harvesting and profiting more from our daily digital footprints than what NSA is doing.

Our data shows these innovators using digital technology in two key areas: providing better products and cutting costs. Almost half of them expect to introduce a new IT-led product this year, and 46% are using technology to make business processes more efficient.

Among 688 respondents to our Mobile Application Development Survey ó up from 350 respondents in 2012 ó 46% have deployed mobile apps, with an additional 24% planning to in the next year. Whatís the holdup for that remaining 30%? Often, itís a lack of expertise.